From 356c485459faf2b986aadbc58c6f7f65bd0ed76f Mon Sep 17 00:00:00 2001 From: rmkml Date: Sat, 13 Apr 2019 22:06:53 +0200 Subject: [PATCH 1/4] Add BigBobRoss Ransomware --- clusters/ransomware.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 4cddd476..8ba04c7b 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -13098,7 +13098,18 @@ }, "uuid": "7cfa694a-1e5b-300a-627f-027d881870b1", "value": "Tellyouthepass" + }, + { + "description": "BigBobRoss ransomware is the cryptovirus that requires a ransom in Bitcoin to return encrypted files marked with .obfuscated appendix.", + "meta": { + "payment-method": "Bitcoin", + "refs": [ + "https://www.2-spyware.com/remove-bigbobross-ransomware.html" + ] + }, + "uuid": "8cfa684a-1e4b-309a-617f-026d881870b1", + "value": "BigBobRoss" } ], - "version": 57 + "version": 58 } From 55f6d2838897e2d0ce493c5b9dd633cf3b8a1582 Mon Sep 17 00:00:00 2001 From: rmkml Date: Sat, 13 Apr 2019 22:41:37 +0200 Subject: [PATCH 2/4] Add Planetary Ransomware --- clusters/ransomware.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 8ba04c7b..14556608 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -13109,7 +13109,18 @@ }, "uuid": "8cfa684a-1e4b-309a-617f-026d881870b1", "value": "BigBobRoss" + }, + { + "description": "First discovered by malware security analyst, Lawrence Abrams, PLANETARY is an updated variant of another high-risk ransomware called HC7.", + "meta": { + "payment-method": "Bitcoin", + "refs": [ + "https://www.pcrisk.com/removal-guides/12121-planetary-ransomware" + ] + }, + "uuid": "6cfa664a-1e2b-329a-607f-026d781870b1", + "value": "Planetary" } ], - "version": 58 + "version": 59 } From 271143519d35be94215f5ece4c14b84e2759c286 Mon Sep 17 00:00:00 2001 From: rmkml Date: Sat, 13 Apr 2019 23:04:25 +0200 Subject: [PATCH 3/4] Add SpelevoEK --- clusters/exploit-kit.json | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json index c6489c31..cec4cf24 100644 --- a/clusters/exploit-kit.json +++ b/clusters/exploit-kit.json @@ -749,7 +749,17 @@ }, "uuid": "00815961-3249-4e2e-9421-bb57feb73bb2", "value": "Unknown" + }, + { + "description": "The Spelevo exploit kit seems to have similarities to SPL EK, which is a different exploit kit.", + "meta": { + "refs": [ + "https://cyberwarzone.com/what-is-the-spelevo-exploit-kit/" + ] + }, + "uuid": "00715961-2249-3e2e-8420-bb47feb73bb2", + "value": "SpelevoEK" } ], - "version": 13 + "version": 14 } From d16cc2e184186003e37aad1288e2f8aea52bc162 Mon Sep 17 00:00:00 2001 From: rmkml Date: Sun, 14 Apr 2019 20:49:36 +0200 Subject: [PATCH 4/4] Add Cr1ptt0r Ransomware --- clusters/ransomware.json | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 14556608..beef9afc 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -13120,7 +13120,24 @@ }, "uuid": "6cfa664a-1e2b-329a-607f-026d781870b1", "value": "Planetary" + }, + { + "description": "Cr1ptT0r Ransomware Targets NAS Devices with Old Firmware.", + "meta": { + "payment-method": "Bitcoin", + "refs": [ + "https://www.coveware.com/blog/2019/3/13/cr1ptt0r-ransomware-targets-nas-devices-with-old-firmware", + "https://malpedia.caad.fkie.fraunhofer.de/details/elf.cr1ptt0r" + ], + "synonyms": [ + "Criptt0r", + "Cr1pt0r", + "Cripttor" + ] + }, + "uuid": "8cfa554a-1e1b-328a-606f-026d771870b1", + "value": "Cr1ptT0r" } ], - "version": 59 + "version": 60 }